Providers shouldn't bear the brunt of information blocking enforcement

There's been so much support and praise for the 21st Century Cures Act, which sailed through the House July 9, that the American Hospital Association's (AHA) cautionary note about the legislation's enforcement provisions against information blocking may not be receiving the attention it deserves.

In a July 10 letter to the heads of the House Committee on Energy and Commerce, AHA says that it appreciates the "positive changes" to interoperability contained in the Act, but expresses concern about the interoperability enforcement provisions.

Note that these parts of the bill are buried deep in to the legislation itself. They're not in the two-page summary or the frequently asked questions. Even the section-by-section summary only says "[t]his section would refocus national efforts on making systems interoperable and holding individuals responsible for blocking or otherwise inhibiting the flow of patient information throughout our healthcare system."

But upon reading the legislation, it's easy to see why AHA is concerned.

First, the bill contains a very broad definition of "information blocking" that includes, among other things, charging unreasonable fees to exchange information and developing health IT in nonstandard ways or in ways that lock in users. But the definition doesn't differentiate between vendors and providers. Some of the definition doesn't even apply to providers. AHA recommends that there be two separate, more applicable definitions for information blocking by vendors and information blocking by providers.

That's a valid point. Vendors and providers are different, and block the exchange of electronic patient information in different ways. A one-size-fits-all definition may not be feasible, especially since the legislation also greatly ups the ante when it comes to penalties.

And that's AHA's second issue. The bill gives the Department of Health and Human Services' Office of Inspector General (OIG) the authority to investigate entities for information blocking and to impose civil monetary penalties on violators.

AHA thinks that's overkill, calling it "unnecessary and duplicative" because the existing Meaningful Use program already has mechanisms in place to punish providers who engage in information blocking and/or falsely attest to interoperability.

AHA also is worried that since the provision incentivizes OIG to investigate information blockers by allowing the agency to keep the penalty money for its own appropriations, the latter will act like recovery audit contractors (RACs). While the letter doesn't articulate why that's problematic, industry insiders know that RACs, which are incentivized by being paid a percentage of the provider overpayments they uncover and recoup, have been rather zealous in their endeavors, so much so that appeals have skyrocketed.

Also, I'd wager that AHA is concerned that OIG may target hospitals engaged in information blocking more than vendors, so enforcement will have a disproportionate impact on providers. After all, OIG is used to investigating providers. They may end up being the low hanging fruit.

But granting OIG this authority may be smart, or at least inevitable. It may be unnecessary and duplicative when it comes to providers, but not when it comes to vendors where there has been relatively little enforcement. There's already evidence that vendors with certified electronic health record systems aren't complying with the certification criteria. It's good to have the big guns available to step in.

The legislation also gives the government a middle ground when dealing with vendors, enabling OIG to impose penalties on them without having to decertify their EHR products. That can now be used as a last resort. Decertification is not a move to be taken lightly, since it would have far reaching effects on innocent providers.   

And I don't think OIG can really be compared to the RACs. OIG would retain the funds to fund more investigations. The RACs retain the funds as compensation. That's a big difference.

The real issue is that while both providers and vendors engage in information blocking, safeguards should be taken to ensure that providers don't end up inadvertently bearing the brunt of potential enforcement. Their information blocking is arguably smaller scale. And it's not the providers that designed noninteroperable, proprietary systems to begin with. - Marla (@MarlaHirsch and @FierceHealthIT)